Developing a Cybersecurity Risk Analysis System for High-Tech Equipment in Machine Industry
Authors: Svetlana Suloyeva, S. Grishunin, E. Burova
Published in: Proceedings of the 2019 International SPBPU Scientific Conference on Innovations in Digital Economy, 2019-10-24
DOI: https://doi.org/10.1145/3372177.3373310
The paper develops a system for identifying and assessing cyber-risks to support investment decision-making in a machine industry enterprise. It is designed for projects related to the development and introduction of high-tech equipment. The problem is acute because existing methods of cyber-risk analysis have drawbacks that prevent them from being used at a time of growing information threats. A structural-logical scheme for the cyber-risk analysis system has been developed, and detailed descriptions are provided for some blocks of the system and their tools. The research methods include a system approach to studying the problem, analysis of fundamental statements given in the literature, and analysis of the existing tools used in practice for solving these problems. The presented system has some advantages over such common approaches as risk maps or factor analysis of information risks (FAIR). Since it is built on risk-control principles, it ensures that all management actions concerning cyber-risk control are integrated and coordinated. The system also contains effective tools and methods for assessing cyber-risks in quantitative terms, calculating a consolidated effect with due consideration of risks, assessing the impact of this effect on the strategic goal indicator of a project, and comparing project implementation scenarios under cyber threats against risk appetite to evaluate the acceptability of the project. These advantages make the system dynamic and integrative, and reactive to changes in cyberspace and the emergence of new threats. It can have substantial practical application in managing investment projects related to the development and introduction of high-tech equipment in enterprises of the sector.